JavaScript Python HTML CSS Other
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.github Update ISSUE_TEMPLATE.md Jun 15, 2017
alerts Dynamically register alert tasks in new celery Mar 26, 2018
benchmarking Remove leftover javascript comment line Jan 5, 2018
bot Modify bugzilla bot plugin to handle multiple search queries Feb 9, 2018
config Update nginx config to use off for access log Apr 4, 2018
cron Fix remaining hardcoded s3 bucket names Apr 9, 2018
docker Remove extra new line in docker compose nginx conf Apr 4, 2018
docs Clarify usage doc with receivedtimestamp purpose Jan 17, 2018
examples Remove extra line after copywrite date Jan 4, 2018
lib Improve toutc function to handle negative values Apr 10, 2018
loginput Remove extra line after copywrite date Jan 4, 2018
meteor Revert "Add XHR patch to handle external auth correctly" Feb 1, 2018
mq Always truncate the details.uri to prevent scanners from crashing us Apr 10, 2018
rest Remove extra line after copywrite date Jan 4, 2018
static Remove heatmap html page Jun 15, 2017
systemdfiles Naming Convention and Logging Changes. Oct 4, 2017
tests Improve toutc function to handle negative values Apr 10, 2018
.gitignore updated dots to underscores Aug 25, 2017
.travis.yml Increase travis ES version to 5.6.7 Mar 6, 2018
CONTRIBUTING.md Modifying urls to point to mozilla from jeffbryner, slight readabilit… Jun 15, 2017
LICENSE Updated license file to conform with MPL Feb 25, 2014
Makefile Add new command for removing tests containers Feb 9, 2018
README.md [Docs] - Mozilla/MozDef - README.md - changing markdown layout Jan 4, 2018
requirements.txt Merge pull request #632 from mozilla/elasticsearch_5 Apr 5, 2018

README.md

Build Status Documentation Status

MozDef: The Mozilla Defense Platform

Why?

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Goals:

  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, banhammer, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation

Status:

MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

DOCS:

http://mozdef.readthedocs.org/en/latest/